Blue Cross Blue Shield of Michigan has advised around 15,000 customers that some of their private and confidential information was stored on a laptop computer that was stolen from an employee of a business associate of one of its subsidiaries.

The laptop computer was stolen on October 26, 2018. Blue Cross Blue Shield of Michigan learned of the breach of protected health information (PHI) of plan members on November 12, 2018. The breach affected Blue Cross’ Medicare Advantage health insurance plans members. Notices currently being sent by mail to all plan members affected by the data breach.

The laptop computer requires a password to be entered to access data and patient data on the device was encrypted. Normally this would not qualify as a reportable data breach, but in this case, Blue Cross Blue Shield of Michigan believes the employee’s credentials might also have been taken. As a result, it is possible that the encryption could be removed.

The data kept on the stolen laptop only included names, dates of birth, genders, addresses, members’ identification numbers, provider details, diagnoses, and prescribed medicines. No Social Security numbers or financial information were stored on the device.

Computer experts are investigating the incident and login credentials of all staff members have now been changed. The risk of patients experiencing identity theft and fraud is thought to be low; however, as a precaution, all people affected by the breach have been offered two years of identity theft protection services free of charge.

Blue Cross Blue Shield of Michigan, together with its subsidiary company, are reviewing policies and procedures and are updating them to better protect plan members information. Extra safeguards will likewise be applied to avoid further data breaches.